﻿// ----------------------------------------------------------------------------------
// Microsoft Developer & Platform Evangelism
// 
// Copyright (c) Microsoft Corporation. All rights reserved.
// 
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
// EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
// OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
// ----------------------------------------------------------------------------------
// The example companies, organizations, products, domain names,
// e-mail addresses, logos, people, places, and events depicted
// herein are fictitious.  No association with any real company,
// organization, product, domain name, email address, logo, person,
// places, or events is intended or should be inferred.
// ----------------------------------------------------------------------------------

namespace umbraco.ACSExtensions
{
    using System;
    using System.Security.Principal;
    using System.Web;
    using Microsoft.IdentityModel.Claims;
    using Microsoft.IdentityModel.Configuration;
    using Microsoft.IdentityModel.Web;
    using System.Threading;

    public class CustomWSFederationAuthenticationModule : WSFederationAuthenticationModule
    {
        protected override void OnPostAuthenticateRequest(object sender, EventArgs e)
        {
            if (!(HttpContext.Current.User is IClaimsPrincipal))
            {
                IClaimsPrincipal incomingPrincipal = CreateFromHttpContext(HttpContext.Current);
                ClaimsAuthenticationManager claimsAuthenticationManager = this.ServiceConfiguration.ClaimsAuthenticationManager;
                
                if (((claimsAuthenticationManager != null) && (incomingPrincipal != null)) && (incomingPrincipal.Identity != null))
                {
                    incomingPrincipal = claimsAuthenticationManager.Authenticate(HttpContext.Current.Request.Url.AbsoluteUri, incomingPrincipal);
                }

                HttpContext.Current.User = incomingPrincipal;
                Thread.CurrentPrincipal = incomingPrincipal;
            }
        }

        private static IClaimsPrincipal CreateFromHttpContext(HttpContext httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            ServiceConfiguration current = FederatedAuthentication.ServiceConfiguration;
            IClaimsPrincipal principal =
                httpContext.User == null || !httpContext.User.Identity.IsAuthenticated ?
                    CreateAnonymousPrincipal() :
                    ClaimsPrincipal.CreateFromPrincipal(httpContext.User, current.IssuerNameRegistry.GetWindowsIssuerName());

            return principal;
        }

        private static IClaimsPrincipal CreateAnonymousPrincipal()
        {
            return new EmptyClaimsPrincipal();
        }

        private class EmptyClaimsPrincipal : IClaimsPrincipal
        {
            public IIdentity Identity
            {
                get { return new GenericIdentity(string.Empty); }
            }

            public ClaimsIdentityCollection Identities
            {
                get { return new ClaimsIdentityCollection(); }
            }

            public IClaimsPrincipal Copy()
            {
                throw new NotImplementedException();
            }

            public bool IsInRole(string role)
            {
                return false;
            }
        }
    }
}